Estimated reading time: 4 minutes
By Kyle Lewis, Chair, Sirtfi Exercise Planning Working Group
As part of its ongoing effort to increase cross-federation levels of trust in cybersecurity, InCommon is hosting its fourth annual Sirtfi cybersecurity cooperation exercise this fall. Sirtfi (Security Incident Response Trust Framework for Federated Identity) is part of InCommon’s baseline expectations.
The event is open to InCommon participants and eduGAIN partners, who will practice coordinating a response to a federated security incident by running a multi-organization, federated incident response exercise. Sirtfi-compliant organizations* interested in their federated identity providers (IdPs) and/or service providers (SPs) participating in this exercise should complete the expression of interest form by Sept. 30, 2025. The exercise will take place Nov. 17-21, 2025.
Practicing the Framework
The event’s primary purpose is to practice using the Sirtfi framework to coordinate cybersecurity incident response between affected organizations. InCommon’s goals include practicing cross-organization coordination on cybersecurity scenario response using the Sirti Framework and identifying when one should get – and knowing how to get – a security contact to address an alert.
Participants will practice communication and coordination between security teams. This is not a technical exercise, and there will be no live action on any network. All breaches, security investigations, log files, etc., will be simulated in a story-driven narrative.
How the Exercise Will Work
Exercise participants will only be performing four “real-world” tasks as they discuss the narrated scenario and interact with the exercise control cell:
- Recognizing when the scenario includes activity that affects other external federated organizations, which prompts the need to use the Sirtfi framework.
- Finding that user’s security contact when given a username/organization as required to be published by the Sirtfi framework.
- Establishing communications with an external organization using the Sirtfi security contact.
- Receiving and responding to requests to the security contact, identifying those requests as Sirtfi requests, and partnering as appropriate depending on the narrated scenario event.
All other tasks will be simulated through tabletop narration. Additional information is available on the working group wiki.
The purpose of the event is to practice. It’s not a graded exercise or a test. The cybersecurity cooperation exercise enables us to practice what we committed to doing when our entities asserted Sirtfi compliance. Practicing is preferable to waiting for a real security breach to figure Sirtfi out while also under the pressure of trying to secure your network.
*Sirtfi-compliant organizations adhere to the Security Incident Response Trust Framework for federated Identity, a standard for demonstrating a commitment to responding to security incidents and ensuring a reliable and secure environment for collaborative incident response within research and education communities.
Kyle Lewis is vice president of cybersecurity strategy at InCommon Catalyst RDCT and a member of the InCommon Community Trust and Assurance Board.
The Benefits of Exercising with Us
Here’s what some of the participants in previous cybersecurity exercises had to say about how it helped them and their organizations.
- “Lessons learned from the InCommon exercise prompted us to do internal tabletop exercises.”
- “Our team appreciated the chance to participate; overall it was a good exercise.”
- “We’ve done exercises internally in the past, but having real external players helped break our insular mindset of not being used to reaching out externally.”
About the Sirtfi Exercise Working Group
The Sirtfi Exercise Working Group prepares members of the InCommon Federation community to handle a federated security incident by conducting one or more tabletop exercises to simulate aspects of responding to the real thing. Exercises are aimed to be learning opportunities, increasing familiarity with and shared understanding of key concepts and practices in the Sirtfi framework. The Sirtfi Exercise Working Group is chartered by the InCommon Community Trust and Assurance Board.